Bug #7769: DetectFileHashParse crashes when de_ctx->rule_file is NULL (strdup → SIGSEGV) - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7769

open

DetectFileHashParse crashes when de_ctx->rule_file is NULL (strdup → SIGSEGV)

Added by Boris Tonofa about 10 hours ago.

Status:

New

Priority:

Normal

Assignee:

Boris Tonofa

Target version:

TBD

Affected Versions:

6.0.13, 7.0.0, 6.0.14, 7.0.1, 6.0.15, 7.0.2, 6.0.16, 7.0.3, 6.0.17, 7.0.4, 6.0.18, 6.0.19, 7.0.5, 6.0.20, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 8.0.0-beta1, 8.0.0-rc1, 8.0.0, 7.0.11, 7.0.12, 8.0.1, TBD, git master

Effort:

medium

Difficulty:

Label:

Description

When Suricata parses rules it invokes DetectFileHashParse() to turn a filemd5/sha1/sha256 keyword into an in-memory hash table. If the rules are supplied from memory, the parser context field de_ctx->rule_file is NULL; nevertheless the code still executes SCStrdup(de_ctx->rule_file). Because strdup(NULL) dereferences a null pointer inside strlen(), Suricata crashes with SIGSEGV during the rule-loading phase.

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7769

DetectFileHashParse crashes when de_ctx->rule_file is NULL (strdup → SIGSEGV)